Re: additional mechanisms on top of the auth framework, was: SECDIR review of draft-ietf-httpbis-p7-auth-24

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 01 Nov 2013 14:12:50 +0100
Message-ID: <5273A8D2.2050604@gmx.de>
To: Bjoern Hoehrmann <derhoermi@gmx.net>, Julian Reschke <julian.reschke@greenbytes.de>
CC: Stephen Kent <kent@bbn.com>, secdir <secdir@ietf.org>, Barry Leiba <barryleiba@computer.org>, Pete Resnick <presnick@qti.qualcomm.com>, "Mankin, Allison" <amankin@verisign.com>, HTTP Working Group <ietf-http-wg@w3.org>

On 2013-10-31 16:05, Bjoern Hoehrmann wrote:
> * Julian Reschke wrote:
>> On 2013-10-31 15:44, Bjoern Hoehrmann wrote:
>>> I think doing s/encryption/authentication/ instead would be better.
>>> There is no reason to discuss confidentiality here. Encryption and other
>>> cryptographic techniques are used in many authentication schemes, like
>>> with client certificates; that may have been the idea behind the text.
>> "authentication on the transport layer"?
> Applying my suggestion would make the text read,
>     The HTTP protocol does not restrict applications to this simple
>     challenge-response framework for access authentication. Additional
>     mechanisms MAY be used, such as authentication at the transport
>     level or via message encapsulation, and with additional header fields
>     specifying authentication information. However, such additional
>     mechanisms are not defined by this specification.
> (The MAY might be better as "can".)
> ...

OK, applied with 

Best regards, Julian
Received on Friday, 1 November 2013 13:13:35 UTC
